安装版本信息
系统版本:centos7.9 docker版本:Docker version 20.10.11, build dea9396 docker-compose版本:docker-compose version 1.29.2, build 5becea4c
脚本下载地址:
脚本说明
- system_init_v4.sh
- app_install_docker.sh
执行系统初始化脚本
sh system_init_v4.sh
所做工作: 设置yum源 安装基础软件包 修改系统限制 优化history命令记录相关 内核优化 安全设置 时区设置 登录欢迎语设置
系统初始化脚本手动执行
配置yum源
代码语言:javascript复制 yum install -y wget
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
yum clean all
yum makecache安装必要的软件,创建目录
代码语言:javascript复制 yum install -y vim wget lrzsz telnet traceroute iotop tree rsync
yum install -y git zlib-devel openssl-devel unzip xz libxslt-devel libxml2-devel libcurl-devel
#yum -y install ipset ipset-service >/dev/null 2>&1
yum -y install net-tools.x86_64 vim lsof
yum install -y openssl openssl-devel openssh openssh-server
yum install -y ntpdate crontabs修改系统限制
代码语言:javascript复制cat <>/etc/security/limits.conf
* soft nofile 1048576
* hard nofile 1048576
EOF
cat </etc/security/limits.d/20-nproc.conf
* soft nproc 1048576
* soft nproc 1048576
EOF增加操作系统记录数量
代码语言:javascript复制if ! grep "HISTTIMEFORMAT" /etc/profile >/dev/null 2>&1
then echo '
UserIP=$(who -u am i | cut -d"(" -f 2 | sed -e "s/[()]//g")
export HISTTIMEFORMAT="[%F %T] [`whoami`] [${UserIP}] " ' >> /etc/profile;
fi
sed -i "s/HISTSIZE=1000/HISTSIZE=999999999/" /etc/profile系统内核优化
代码语言:javascript复制cat < /etc/sysctl.conf
fs.file-max = 6553560
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
vm.overcommit_memory = 1
EOF关闭selinux
代码语言:javascript复制 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
yum -y remove firewalld
yum -y install iptables-services iptables同步系统时间,时区设置
代码语言:javascript复制 rm -f /etc/localtime
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
/usr/sbin/ntpdate ntp.ntsc.ac.cn
/usr/sbin/hwclock -w
#计划任务,每5分钟同步系统时间
echo "*/5 * * * * flock -xn /tmp/ntp.lock -c '/usr/sbin/ntpdate ntp.ntsc.ac.cn >> /tmp/ntp.log 2>&1 &'" >> /var/spool/cron/root登录欢迎语设置
代码语言:javascript复制 /usr/bin/cp -f ../support/login.sh /usr/local/bin/login.sh && chmod x /usr/local/bin/login.sh
echo "/usr/local/bin/login.sh" >> /etc/profile执行docker安装脚本
sh app_install_docker.sh
所做工作: 安装python3环境 安装docker-ce 安装docker-compose 设置docker-ce开机自启动
安装脚本手动执行
安装python3环境
代码语言:javascript复制yum update -y
yum groupinstall Development tools -y
yum -y install zlib-devel
yum install -y openssl-devel libxslt-devel libxml2-devel libcurl-devel
yum install python3 -y安装docker-ce
代码语言:javascript复制yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum-config-manager --enable docker-ce-edge
yum install -y docker-ce安装docker-compose编排工具
代码语言:javascript复制/bin/cp -f ../support/docker-compose /usr/local/bin/docker-compose && chmod x /usr/local/bin/docker-composedocker服务开机自启
代码语言:javascript复制/bin/systemctl enable --now docker
